summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoe MacDonald <joe@deserted.net>2013-12-03 14:48:42 -0500
committerJoe MacDonald <joe@deserted.net>2013-12-05 09:03:41 -0500
commit2209cb5fc21c1ad5a7471897528ed64170f70219 (patch)
treea0fe2a090416ae06e8de1903c3ab78bad06814de
parentd549fef3f4c41140b8f74263724deb75c9b5908e (diff)
downloadmeta-selinux-2209cb5fc21c1ad5a7471897528ed64170f70219.tar.gz
policy: Create compressed_policy distro feature
There is a small cost to having compressed policy files on the final image both in terms of memory requirements and load times. In nearly all circumstances this is negligible, but this adds a DISTRO_FEATURE that can be used to enable it, if desired. The default selinux distros will enable the feature by default. Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat
-rw-r--r--conf/distro/oe-selinux.conf2
-rw-r--r--recipes-security/refpolicy/refpolicy_common.inc32
2 files changed, 23 insertions, 11 deletions
diff --git a/conf/distro/oe-selinux.conf b/conf/distro/oe-selinux.conf
index 6e55a32..5f4af87 100644
--- a/conf/distro/oe-selinux.conf
+++ b/conf/distro/oe-selinux.conf
@@ -1,4 +1,4 @@
1DISTRO = "oe-selinux" 1DISTRO = "oe-selinux"
2DISTROOVERRIDES .= ":selinux" 2DISTROOVERRIDES .= ":selinux"
3 3
4DISTRO_FEATURES_append = " acl xattr pam selinux" 4DISTRO_FEATURES_append = " acl xattr pam selinux compressed_policy"
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index b46903f..a71c5dd 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -11,8 +11,10 @@ SRC_URI += "file://customizable_types \
11 11
12S = "${WORKDIR}/refpolicy" 12S = "${WORKDIR}/refpolicy"
13 13
14FILES_${PN} = "${sysconfdir}/selinux/${POLICY_NAME}/ \ 14FILES_${PN} = " \
15 ${datadir}/selinux/${POLICY_NAME}/*.pp.bz2" 15 ${sysconfdir}/selinux/${POLICY_NAME}/ \
16 ${@base_contains('DISTRO_FEATURES', 'compressed_policy', '${datadir}/selinux/${POLICY_NAME}/*.pp.bz2', '${datadir}/selinux/${POLICY_NAME}/*.pp', d)} \
17 "
16FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/" 18FILES_${PN}-dev =+ "${datadir}/selinux/${POLICY_NAME}/include/"
17 19
18DEPENDS += "checkpolicy-native policycoreutils-native m4-native" 20DEPENDS += "checkpolicy-native policycoreutils-native m4-native"
@@ -79,14 +81,24 @@ EOF
79 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules 81 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules
80 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files 82 mkdir -p ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files
81 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local 83 touch ${D}${sysconfdir}/selinux/${POLICY_NAME}/contexts/files/file_contexts.local
82 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do 84 if ${@base_contains('DISTRO_FEATURES','compressed_policy','true','false',d)}; then
83 bzip2 $i 85 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
84 if [ "`basename $i`" != "base.pp" ]; then 86 bzip2 $i
85 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i` 87 if [ "`basename $i`" != "base.pp" ]; then
86 else 88 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`
87 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i` 89 else
88 fi 90 cp ${i}.bz2 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/`basename $i`
89 done 91 fi
92 done
93 else
94 bzip2 -c ${D}${datadir}/selinux/${POLICY_NAME}/base.pp >\
95 ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/base.pp
96 for i in ${D}${datadir}/selinux/${POLICY_NAME}/*.pp; do
97 if [ "`basename $i`" != "base.pp" ]; then
98 bzip2 -c $i > ${D}${sysconfdir}/selinux/${POLICY_NAME}/modules/active/modules/`basename $i`;
99 fi
100 done
101 fi
90 102
91 # Create policy store and build the policy 103 # Create policy store and build the policy
92 semodule -p ${D} -s ${POLICY_NAME} -n -B 104 semodule -p ${D} -s ${POLICY_NAME} -n -B
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-25 22:42:26 +0000